Content Security Policy Can be bypassed in Chrome?
A recently disclosed flaw (Chromium Issue 1064676, CVE-2020-6519) let an attacker bypass a page's Content Security Policy entirely: when a javascript: URL was evaluated in an iframe, Chrome did not apply the page's CSP to the script it ran, so injected script could execute on a page whose policy should have blocked it. Thankfully, Chrome has fixed it (in version 84).
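To make the failed check concrete, here is an added example (my own code, not from the video and not Chromium's implementation): a minimal CSP script-src evaluator for Node.js that decides whether a script may run under a given policy, including the javascript: URL case. The function names are mine, and it assumes several simplifications: no hash sources, no 'strict-dynamic', no report-only mode, and ports and paths in host sources are ignored. The point it shows is that a javascript: URL is inline script, so a correct browser must block it unless the policy carries 'unsafe-inline'; that is the decision Chrome skipped for iframes in Issue 1064676.

```javascript
// Added example, not from the video or from Chromium: a minimal CSP
// script-src evaluator (Node.js) showing the decision a browser must make
// before running script, including the javascript: URL case behind
// CVE-2020-6519. Simplifications (assumptions): no hash sources, no
// 'strict-dynamic', no report-only mode, ports and paths in host sources
// are ignored. Function names are my own, not Chromium's.
'use strict';

// Parse a Content-Security-Policy header value into { directive: [sources] }.
// The first occurrence of a directive wins; later duplicates are ignored.
function parsePolicy(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name && !(name.toLowerCase() in policy)) policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// script-src governs scripts; it falls back to default-src. Neither present
// means the policy does not restrict scripts at all.
function scriptSources(policy) {
  return policy['script-src'] || policy['default-src'] || null;
}

// Match a URL against one source expression ('self', '*', scheme: or host).
function sourceMatches(source, url, pageOrigin) {
  if (source === "'self'") return url.origin === pageOrigin;
  if (source.startsWith("'")) return false;            // keywords/nonces are not hosts
  if (source === '*') return /^(https?|wss?):$/.test(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) {         // scheme-source, e.g. https:
    return url.protocol.toLowerCase() === source.toLowerCase();
  }
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)/i);
  if (!m) return false;
  const [, scheme, host] = m;
  if (scheme) {
    if (url.protocol !== scheme.toLowerCase() + ':') return false;
  } else if (!/^https?:$/.test(url.protocol)) {
    return false;                                      // schemeless host-source: http(s) only
  }
  const have = url.hostname.toLowerCase();
  const want = host.toLowerCase();
  return want.startsWith('*.') ? have.endsWith(want.slice(1)) : have === want;
}

// Decide whether a script may run under the policy.
//   { kind: 'external', url }         a <script src=...>
//   { kind: 'inline', nonce? }        an inline <script> block
//   { kind: 'javascript-url' }        navigating (e.g. an iframe) to javascript:...
function scriptAllowed(policyHeader, pageOrigin, script) {
  const sources = scriptSources(parsePolicy(policyHeader));
  if (sources === null) return true;
  if (sources.includes("'none'")) return false;
  const nonces = sources.filter(s => s.startsWith("'nonce-")).map(s => s.slice(7, -1));
  const hasNonceOrHash = sources.some(s => /^'(nonce|sha(256|384|512))-/.test(s));
  // CSP3: 'unsafe-inline' is ignored when the same list carries a nonce or hash.
  const unsafeInline = sources.includes("'unsafe-inline'") && !hasNonceOrHash;

  switch (script.kind) {
    case 'external':
      return sources.some(src => sourceMatches(src, new URL(script.url), pageOrigin));
    case 'inline':
      return unsafeInline || (script.nonce !== undefined && nonces.includes(script.nonce));
    case 'javascript-url':
      // A javascript: URL is inline script. Nonces never apply to it, so only
      // 'unsafe-inline' (or a matching hash with 'unsafe-hashes', not modelled)
      // may allow it. This is the check Chrome skipped for javascript: URLs
      // evaluated in an iframe before the fix for Issue 1064676.
      return unsafeInline;
    default:
      throw new Error('unknown script kind: ' + script.kind);
  }
}

// Demo: a typical allowlist policy, then the iframe.src = "javascript:..." case.
const pageOrigin = 'https://app.example';
const policy = "default-src 'none'; script-src 'self' https://cdn.example";
console.log(scriptAllowed(policy, pageOrigin, { kind: 'external', url: 'https://cdn.example/lib.js' }));
console.log(scriptAllowed(policy, pageOrigin, { kind: 'external', url: 'https://evil.example/x.js' }));
console.log(scriptAllowed(policy, pageOrigin, { kind: 'javascript-url' }));
console.log(scriptAllowed(policy + " 'unsafe-inline'", pageOrigin, { kind: 'javascript-url' }));
console.log(scriptAllowed("script-src 'nonce-abc' 'unsafe-inline'", pageOrigin, { kind: 'javascript-url' }));
```

Run it with `node csp-eval.js`. The third line is the one that matters for the bug: with an allowlist-only policy the javascript: URL must be refused, and adding a nonce to the policy disables 'unsafe-inline' rather than widening it, which is why nonce-based policies are the recommended way to keep javascript: URLs and event handlers out.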
Resources
Issue 1064676: full CSP bypass while evaluating a javascript-URL in iframe. (CVE-2020-6519)
https://bugs.chromium.org/p/chromium/issues/detail?id=1064676
Learn more about CSP
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
My XSS video
🏭 Backend Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQUNnO4p00ua_C5mKTfldiYT
💾 Database Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQXjD0HOzN7P2tgzu7scWpl2
🛰 Network Engineering Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQUBSgBXilKhRMJ1ACqr7pTr
🏰 Load Balancing and Proxies Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQVMeBmWI2AhxULWEeo7AaMC
🐘 Postgres Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWGrOqslniFlRcwxyY94cjj
🚢Docker
https://www.youtube.com/playlist?list=PLQnljOFTspQWsD-rakNw1C20c1JI8UR1r
🧮 Programming Pattern Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQV1emqxKbcP5esAf4zpqWpe
🛡 Web Security Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU3YDMRSMvzflh_qXoz9zfv
🦠 HTTP Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU6zO0drAYHFtkkyfNJw1IO
🐍 Python Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQU_M83ARz8mDdr4LThzkBKX
🔆 Javascript Videos
https://www.youtube.com/playlist?list=PLQnljOFTspQWab0g3W6ZaDM6_Buh20EWM
👾Discord Server https://discord.gg/CsFbFce
Become a Member
https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg/join
Support me on PayPal
https://bit.ly/33ENps4
Become a Patreon
https://www.patreon.com/join/hnasr?
Stay Awesome,
Hussein
Video "Content Security Policy Can be bypassed in Chrome?" from the Hussein Nasser channel